.TH tcpdrop 8  "2018-05-30" "USER COMMANDS"
.SH NAME
tcpdrop \- Trace kernel-based TCP packet drops with details. Uses Linux eBPF/bcc.
.SH SYNOPSIS
.B tcpdrop [\-4 | \-6] [\-h]
.SH DESCRIPTION
This tool traces TCP packets or segments that were dropped by the kernel, and
shows details from the IP and TCP headers, the socket state, and the
kernel stack trace. This is useful for debugging cases of high kernel drops,
which can cause timer-based retransmits and performance issues.

This tool works using dynamic tracing of the tcp_drop() kernel function,
which requires a recent kernel version.

Since this uses BPF, only the root user can use this tool.
.SH REQUIREMENTS
CONFIG_BPF and bcc.
.SH OPTIONS
.TP
\-4
Trace IPv4 family only.
.TP
\-6
Trace IPv6 family only.
.TP
\-h
Print usage message.
.SH EXAMPLES
.TP
Trace kernel-based TCP packet drops with details:
#
.B tcpdrop
.TP
Trace IPv4 family only:
#
.B tcpdrop \-4
.TP
Trace IPv6 family only:
#
.B tcpdrop \-6
.SH FIELDS
.TP
TIME
Time of the drop, in HH:MM:SS format.
.TP
PID
Process ID that was on-CPU during the drop. This may be unrelated, as drops
can occur on the receive interrupt and be unrelated to the PID that was
interrupted.
.TP
IP
IP address family (4 or 6)
.TP
SADDR
Source IP address.
.TP
SPORT
Source TCP port.
.TP
DADDR
Destination IP address.
.TP
DPORT
Destionation TCP port.
.TP
STATE
TCP session state ("ESTABLISHED", etc).
.TP
FLAGS
TCP flags ("SYN", etc).
.SH OVERHEAD
This traces the kernel tcp_drop() function, which should be low frequency,
and therefore the overhead of this tool should be negligible.

As always, test and understand this tools overhead for your types of
workloads before production use.
.SH SOURCE
This is from bcc.
.IP
https://github.com/iovisor/bcc
.PP
Also look in the bcc distribution for a companion _examples.txt file containing
example usage, output, and commentary for this tool.
.SH OS
Linux
.SH STABILITY
Unstable - in development.
.SH AUTHOR
Brendan Gregg
.SH SEE ALSO
tcplife(8), tcpaccept(8), tcpconnect(8), tcptop(8)
